Grey Panthers Savannah

Category: security

  • Preventing your site from becomming a spammer heaven

    An other resource to help webmasters keep their new years resolution: Preventing Virtual Blight complete with video and slides 🙂

  • Circumventing web filtering software

    I was reading the Messing with Web Filtering Gateways post from GNU Citizen, and here are some comments / ideas: The problem is the impedance mismatch between the way the filtering software is parsing the headers and the way the webserver parses them. There will always be corner cases… For example, it would be interesting…

  • Loading the Meterpreter in a DLL

    After ranting about Metasploit I played around a little bit and tried out a little and here a part of what I found: Some times it may be useful to load the Meterpreter (or any payload in fact) as a DLL. Two scenarios I can think of: Software Restriction Policies (and many other whitelisting products)…

  • How permissive is the Windows autorun.inf parsing?

    While reading the F-Secure blogpost titled When is AUTORUN.INF really an AUTORUN.INF?, I was reminded of this masking technique – putting extra data between the relevant lines. But how tolerant is the autorun.inf parser (which I suppose in fact is the INI file parser) really? The example showed by F-Secure is quite mild, in the…

  • Free Microsoft e-book: Writing Secure Code for Windows Vista

    From /dev/random (where I stole the title from – because I’m a lazy bastard :-)): you can get an (electronic) copy of Writing Secure Code for Windows Vista by signing up for a free newsletter. I actually have read an older version of the book and found it very good. A large part of it…

  • “Official” DDoS tools

    There are quite a few people who perform computer attacks while claiming political reasons. The Arbor Network blog discusses a recent example: a group of people asking you to download and run their tool it “help israel” (this could maybe be called “political-engineering”, and is quite curious, because people are being told that the downloaded…

  • Enumerating objects / methods in Javascript

    I was reading the following post on the Metasploit blog: Fuzzing Flash For Fun (ASNative), which described how to use an undocumented feature of ActionScript to get the list of all functions and then fuzz them. I thought: surely, there is a simpler, documented way to do that. Now, the following code was written in…

  • 000webhost.com trying to install malware

    I needed a quick, free webhost. Incidentally (it is funny how things come together sometimes) I remembered Andreas Gohr mentioning 000webhost.com, so I decided to give it a try. Now, I knew that nothing is free, so I expected to need to insert some banner ads in the pages, however it seems that this hosting…

  • Privacy risks of signed Java applets

    Probably it is an occupational hazard, but when I’ve listened to episode #222 of the Java Posse (1/3 of the devil :-D) and they talked about a java applet do do screencasts, my first reaction was: is it possible to do this from an applet? isn’t this a privacy risk? The answer is: it depends…

  • A few tips for pshtoolkit

    pshtoolkit is short for Pass The Hash Toolkit, and is a program (or rather a small collection of programs) written and released as OSS by CORE. Its basic use is to authenticate to Windows systems by passing the hash of the password – hence the name – rather than the password. Here are a couple…